Christine Barry is Senior Chief Blogger and Social Media Manager at Barracuda. In this role, she helps bring Barracuda stories to life and facilitate communication between the public and Barracuda internal teams. Prior to joining Barracuda, Christine was a field engineer and project manager for K12 and SMB clients for over 15 years. She holds several technology credentials, a Bachelor of Arts, and a Master of Business Administration. She is a graduate of the University of Michigan.

Taking a conventional approach to security typically refers to “keeping the bad stuff out” of your network, meaning blocking malicious content such as spam, viruses, malware, DDoS attacks, or any number of other common threats. However, if you truly want your organization to be secure in today’s landscape, you also need to proactively assess your security posture and focus on mitigating risk. This will not only reduce the probability of an attack actually happening, but it will also enable the ability to remediate and recover your business quickly in the event of exposure.

So, how do you take this approach?

Mitigate the risk posed by targeted email attacks

Spear phishing and Business Email Compromise (BEC) attacks are highly targeted and researched attempts where criminals typically attempt to defraud individuals and lead them to transfer money or share credentials. In these attacks, criminals engage in casual conversation with victims through email in an attempt to gain the users’ trust before actually doing anything malicious. In many cases, criminals gather background information on victims through social media, which helps make their efforts more convincing.

Sanjay is a 20 year veteran in technology and has a passion for cutting edge technology and a desire to innovate at the intersection of technology trends. He currently leads product management, marketing and strategy for Barracuda’s security business worldwide. Connect with him on LinkedIn here.

Barracuda recently conducted a survey of its European customers to gather insights on backup and disaster recovery strategies and on the achievement of state-of-the-art recovery point and recovery time objectives. Our survey covered around 200 customers across organizations ranging from very small (0-1 employees) to very large (>10,000 employees), in a wide range of industries.

The responses showed backup strategies are fragmented, with many organizations struggling to meet restore requirements. Whereas local infrastructures appear to be protected in varying degrees, the majority of data in Microsoft Office 365 is not protected against modern threat such as ransomware and targeted attacks appropriately.

In an age littered with cyberattacks being launched from behind screens halfway around the globe, it’s hard to imagine the idea of someone willing to entertain the risk of physically stealing a corporate backup appliance from a secure data center. Obviously this scenario isn’t as common as the data breaches that continue to make headlines; however, certain industries require data to be encrypted at rest for compliance purposes — ensuring that any lost or stolen data can’t be viewed by anyone other than its owner.

Dark Overlord is the same nom de guerre employed by the individual or group of people that also launched the recent ransomware attacks against HBO and Netflix this year demanding to be paid to not post stolen intellectual property on the Web before the media companies' scheduled broadcast. Even after receiving a reported $50,000 payment the hackers apparently went ahead in one instance and released an episode of Orange is the New Black before its official release.

Mike Vizard has covered IT for more than 25 years, and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb and Slashdot. Mike also blogs about emerging cloud technology for SmarterMSP.

*Note: This is the third and final post in our multi-part blog series that addresses ransomware threats and solutions in K-12 environments.

Last month, I discussed the two most pivotal steps in preventing ransomware attacks from wreaking havoc on your organization: user education and securing your network. While these steps establish a robust security posture to combat cyberattacks, there is still one more layer your organization can add to ensure recovery when an attack does strike: having a solid backup plan. Let’s chat about a few recent K-12 school districts that had to leverage their backup plan. In the news, we heard about Montana’s Bigfork Public School District who in November 2016 was hit with Ransomware and a payment of $10,000 was demanded. Rather than pay, they restored with an offsite backup. The same is true for Rhinebeck Central School District in New York who was also hit by a ransomware attack and did a restored with off-site backup files as well. As you can see, having a solid backup plan in place can not only prevent a ransomware payment and spare your data but it can also provide peace of mind.

Darius is a veteran of the network industry, with more than 21 years of experience in networking products, enterprise marketing and business development. He is currently Director of Product Marketing for Security at Barracuda Networks.

Barracuda Backup has supported secure and efficient offsite data replication for several years. Customers could configure replication to the Barracuda Cloud or to an offsite Barracuda Backup physical or virtual appliance. This met the needs of customers who either had no additional Barracuda Backup appliance or who are required to maintain strict ownership of data. With our new support for replication to AWS, our customers can now meet these needs by replicating to their own AWS Simple Storage Service (S3) bucket.

Christine Barry is Senior Chief Blogger and Social Media Manager at Barracuda. In this role, she helps bring Barracuda stories to life and facilitate communication between the public and Barracuda internal teams. Prior to joining Barracuda, Christine was a field engineer and project manager for K12 and SMB clients for over 15 years. She holds several technology credentials, a Bachelor of Arts, and a Master of Business Administration. She is a graduate of the University of Michigan.

*Note: This is the second post in a multi-part blog series that addresses ransomware threats and solutions in K-12 environments.

Last month, we discussed Horry County School District’s experience with a crippling ransomware attack, having no choice but to pay a $10,000 ransom to unlock critical data and systems. We highlighted the first step in strengthening an organization’s security posture against such attacks: user training and awareness. Educating users to be aware of spoofed emails, misleading links, or suspicious attachments is an integral part of network security that can stop a ransomware attack before it even starts.

While effective user training and awareness can significantly reduce the number of successful attacks, keeping your network free of malware also requires a combination of effective perimeter filtering, strategically designed network architecture, and the capability to detect and eliminate resident malware that may already be inside your network. Here are some additional measures schools can take to can help fortify their networks against cyberattacks:

Darius is a veteran of the network industry, with more than 21 years of experience in networking products, enterprise marketing and business development. He is currently Director of Product Marketing for Security at Barracuda Networks.

Earlier this year, the world recognized World Backup Day (WBD) as a reminder to everyone that data is important and has to be protected. As part of the WBD recognition, Barracuda ran a series of blog posts on the reasons why companies lose data even when they do almost everything right.

As a follow up to our WBD activities, Barracuda conducted a survey of general technologists whose responsibilities include data protection and recovery. To be blunt, some of these results are alarming. In this article, we are going to run through the results, explain what they mean, and take a look at how to resolve these issues of concern.

*Note: This is the first post in a multi-part blog series that addresses ransomware threats and solutions in K-12 environments.

In February of 2016, South Carolina’s Horry County School District had no choice but to pay a $10,000 ransom to unlock critical data and systems following a ransomware attack. But, could the attack have been prevented — or perhaps after the school district was attacked, could they have avoided paying the ransom?

It’s no secret that we’re right in the middle of a ransomware epidemic, where the example here of Horry County having to pay to unlock critical files has become far too common. But what if Horry County’s users were more aware of how to detect possible threats like ransomware? Would the outcome have been different? Let’s take a look at why proactive user training and awareness can help keep students and faculty stay safe from cyber threats.

Darius is a veteran of the network industry, with more than 21 years of experience in networking products, enterprise marketing and business development. He is currently Director of Product Marketing for Security at Barracuda Networks.